Much of that vulnerability stems from the growing number of interconnected devices and systems: 20 billion by 2020, the WEF estimates. The theory goes that more connections mean more opportunities for data to be exploited by cyber criminals.

Institutional investors see this theory play out in the growing number of vendor relationships their investment managers use to run their business. As a result, many are starting to put a bigger emphasis on investment managers’ vendor relationships, and how well they are managed. It is not unusual to see multiple questions on a due diligence questionnaire that ask about vendors’ cyber security policies.

While there is increasing evidence that asset management firms are spending more on cyber security in response to increased scrutiny, there is still a shortage of qualified talent to oversee it, Aite Group notes. At the same time, many of our clients have noted a need to devote even more resources to monitoring cyber security policies and compliance at their vendors.

We’ve put together a few key questions to ask your vendors about their cyber security policies:

Is cyber security part of your compliance manual? How often is training in these policies conducted?

Who is responsible in case of a breach, and what are the procedures for informing clients?